Johannesburg - The first indication that Sandra Benade had become the victim of a crime syndicate was when her phone stopped working.
By the time she realised what had happened, more than R43 000 had been withdrawn from her bank account.
Someone had swopped her cellphone SIM without her authority or producing a copy of her ID.
More worrying for Benade is that she doesn’t know how the criminals got her banking account and password details. She suspects it was an inside job.
Later she found that someone had gone to a Nashua Mobile store in Wonderpark, Pretoria, and had done a SIM swop on her phone.
“When I saw the form that was filled out, I found that the ID number and where my signature was supposed to be had been left blank. They simply just walked in,” she said.
The swop, she discovered, had been done at 4.50pm on a Friday.
“They did it just before the banks closed,” Benade said, adding that she had an account with Nashua Mobile but had never visited that store.
Within an hour, she noticed that her phone couldn’t log on to a network. It was only when she received an e-mail that she found money had left her account. The total amount taken was R43 600.
Security experts and banks say that SIM swops usually are part of a larger con scam. They are usually done after the criminals have obtained a victim’s banking details.
The preferred way of doing this is by phishing a bogus e-mail or SMS that is sent to try to get the target to send banking log-on and password details.
The SIM swop is to either get the one-time password needed to create a beneficiary or to block the SMSes sent to the client informing them of money leaving their account.
But Benade says she was not the victim of a phishing scam.
She works in the IT industry and says she is tech savvy.
“It must have been an inside job,” she said.
Several attempts to obtain comment from Nashua Mobile have been unsuccessful.
Benade opened a case at the Douglasdale police station.
Her bank has refunded R37 000 of the money stolen and is now considering taking legal action against Nashua Mobile.
IT security expert Craig Rosewarne said he first saw illegal sim swops about three years ago. The number has increased in the past year.
“In most cases, we have found that the victims have given out their details in phishing scams,” he said.
The SA Banking Risk Information Centre said there had also been a few cases where criminals used spyware or Trojans to harvest banking details.
“Often the syndicate has someone with the service who provides help in duplicating the sim card,” said Rosewarne.
But the mystery, according to another cellphone crime expert, is why Benade was targeted.
“Someone knew she had money, and someone had got that information from the bank,” said Hendrik Lochner, senior lecturer at the Department of Police Practice – Forensic and Criminal Investigation Science, Unisa.
SAFEGUARD your INFORMATION
* Protect your personal details, including cellphone account information, contract type, debit order dates and ID, from third parties and websites.
* Do not click on any website links, especially those purporting to come from your bank or Sars. Rather type the name of the website into the browser.
* Always be aware of your cellphone’s network connectivity status. If you realise that you are not receiving any calls or text notifications, something may be wrong and you should make enquiries.
* Some cellphone network operators send customers an SMS to alert them of a SIM swop instruction, and customers should contact their network operator if the request is believed to be fraudulent.
* Check your bank statements and online banking transaction history regularly. In this way, you should be able to identify any unauthorised transactions. – Tips supplied by SA Banking Risk Information Centre
The Star
FOR THE RECORD:
On Monday, The Star and IOL ran the above story without Nashua Mobile’s comment.
Here is their comment. Nashua mobile said they were aware of the incident.
“We are looking into this customer’s complaint and are working as quickly as we can to complete an investigation into this incident,” said Krisen Govender, chief officer, consumer and marketing, at Nashua Mobile.
Govender said customers should know that when a SIM swop takes place, Nashua Mobile alerts them through an SMS.
“The new SIM card will not go live for two hours after the SMS is sent to give the customer time to contact us if he or she did not authorise the swop,” he said.
The Star and IOL regret the error.